in qpid/messaging/transports.py [0:0]
def verify_hostname(peer_certificate, hostname):
match_found = False
peer_names = []
if peer_certificate:
if 'subjectAltName' in peer_certificate:
for san in peer_certificate['subjectAltName']:
if san[0] == 'DNS':
peer_names.append(san[1].lower())
if 'subject' in peer_certificate:
for sub in peer_certificate['subject']:
while isinstance(sub, tuple) and isinstance(sub[0], tuple):
sub = sub[0] # why the extra level of indirection???
if sub[0] == 'commonName':
peer_names.append(sub[1].lower())
for pattern in peer_names:
if _match_dns_pattern(hostname.lower(), pattern):
match_found = True
break
if not match_found:
raise SSLError("Connection hostname '%s' does not match names from peer certificate: %s" % (hostname, peer_names))